CVE-2017-5107

2017-10-2705:00:00

Chrome

www.cve.org

AI Score

5.8

Confidence

High

EPSS

0.005

Percentile

76.4%

JSON

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe’d via a crafted HTML page.

CNA Affected

[
  {
    "product": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Google Chrome prior to 60.0.3112.78 for Linux, Windows and Mac"
      }
    ]
  }
]